The idea underlying the use of the new certificate is the one-time, centralized authentication of a user or a service by an institution created for that purpose, termed a certification body. If the requirements of the certification body for successful identity verification are met, the certification body appends its own electronic signature to the public key of the identified person or service. The advantage for the subscribers to a public network lies in the fact that they only need to trust the signature of the certification body, and in this way can be sure of the authenticity of the presented public key.
The certificate consists of two parts. The first part, for example, contains data elements relating to the key, the issuer of the certificate, the user, the signature algorithm, the serial number, etc. The second part of the certificate contains a digital signature generated using the first part of the certificate. A digital signature basically establishes the authenticity of electronically transmitted messages or electronic documents. In the process of generating a digital signature a HASH algorithm is used to form a HASH value from the first part of the certificate. The HASH algorithm compresses the data of the first part of the certificate. The HASH value is decrypted with a crypto algorithm. Decryption is based on the private key of a key pair.
A series of cryptographic keys are issued to a person or an institution for various purposes. These purposes include secure network communication, e.g.                digital signature with legal recognition        encryption of a document key        verification of a user of an application based on a digital signature.        
The possibilities for use of a key are defined in a single certificate which is digitally signed by the certification body.
At present, each digital key issued to a person or institution must be assigned a certificate. The certificates enable communication partners to verify the legitimate use of a key.
Each such certificate requires approximately 800 to 4000 bytes of data, including the certification body's digital signature. If, for example, three keys are to be stored on one chipcard in certified form, 2400 to 12000 bytes of space are required for the certificates. FIG. 1 shows the conventional storage of keys on a chipcard. For each key (1–3) a certificate is issued and stored on the chipcard. It is not possible to issue more than one key by means of one certificate and store it on the chipcard.
The issue of individual certificates for each key used means more memory is required on the keyholder's storage media. Furthermore, each certificate must be transmitted to the various communication partners of the keyholder and stored by them on their systems. The certificates also need to be stored on the various X.500 servers in the network and within the certification body in publicly accessible certificate lists. Which data fields may be redundant in several certificates is shown in FIG. 2.
The fact that one certificate is required per key results in an increased communication demand per transaction and increased memory requirement at all the communication partners. When the certificate expires, applications are made for new separate certificates for all keys, and the certificates are issued by the certification body.
It is therefore the object of the present invention to deliver a new form of the certificate which can be transmitted fast to the various communication partners and results in reduced memory requirement on the storage media.